Connectors
...
Actions
Run Query
6 min
description executes a custom query in microsoft defender and returns the results, requiring a 'query' specified in the json body endpoint url /api/advancedqueries/run method post inputs json body (object) – required query (string) – required output example \[ { "status code" 400, "response headers" { "date" "thu, 04 may 2023 18 35 41 gmt", "content type" "application/json; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "content encoding" "deflate", "vary" "accept encoding", "strict transport security" "max age=15724800; includesubdomains" }, "reason" "bad request", "json body" { "error" { "code" "badrequest", "message" "a recognition error occurred fix syntax errors in your query ", "target" "|1d25001e 48e8e09dbddde4f4 " } } } ] output parameters status code (number) reason (string) json body (object) error (object) code (string) message (string) target (string) response headers header type date string content type string transfer encoding string connection string content encoding string vary string strict transport security string